Appln. No. 10/585,140 

Amdt. dated July 27, 2010 

Reply to Office action of April 27, 2010 



Amendments to the Claims: 



This listing of the claims will replace all prior versions, and listings, of 



Listing of Claims : 

1 . (Currently Amended) Method for controlling program execution 



- updating a trace print representing an execution pathway and/or handled 
data on program execution, 

- adjusting the trace point along the execution pathways before reachinc 
certain points of convergence of a check flow so that trace prints of 
converging pathways are made equal. 

- comparing said trace print (current va l uo, calculated 



to ti=»e a value the trace print should have if program execution is not 
d i sturbed) disturbed at determined points of the program, and 
- performing special treatment if the current trace print differs from the 
expected value. 

2. (Previously Presented) Method as in claim 1 , wherein the special 



treatment of the program if the current trace print differs from the expected value, 
consists of securitizing certain data and/or alerting a user of the ill-functioning by a 
sound or visual signal and/or interrupting the execution of said program whether 
definitively or not. 



claims in the application: 



integrity by verifying execution traces, comprising: 




dynamically with an expected value tfixed -fixed statically, equal 
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3. (Previously Presented) Method as in claim 1 , wherein said trace print 
only concerns critical code fragments of the program and/or program status which is 
considered critical. 

4. (Currently Amended) Method as in claim 1 , wherein said trace print 
is calculated incrementally along the execution pathway of the program by successive 
composition of a function of which one argument is the current trace print value and of 
which another argument is a spoc i f i c obsorvat i on data i tom at po i nt and t i mo of traco 
pr i nt updating (program status and/or program oxocut i on po i nt and/or handled 
data ^representative of local execution of the program or an expression that relates to 
dynamic program data . 

5. (Currently Amended) Method as in claim 4, wherein said function 
consists of one of the following functions: « checksum », linear congruency, cyclic 
redundancy check (CRC), cryptographic tracing print (« d i gest ») , or combination of the 
following operations: addition, subtraction, «or» exclusive logic ( «< xor ») with a constant 
or with said observation data item; rotation of a constant number of bits; multiplication 
by an uneven constant. 

6. (Cancelled) 

7. (Currently Amended) Method as in c l a i m S claim 1 . wherein the 

adjustment operation consists of a combination of the following functions: assignment to 
a constant value, addition with a constant, «or» exclusive logic « xor» (« xor») w ith a 
constant value. 
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8. (Previously Presented) Method as in claim 1 , wherein, at certain 
points of the program, the trace print is assigned to a certain value rather than deducted 
from a preceding trace print value. 

9. (Previously Presented) Method as in claim 8, wherein said program 
points are those where execution branches converge whose number is greater than a 
certain threshold and/or those which are entry points of subroutines and/or of exception 
handlers, and in that said assigned value is a given value and/or any value determined 
by random drawing and/or a program expression determined by previous analysis as an 
invariant at the program point under consideration. 

10. (Previously Presented) Method as in claim 1 , wherein the trace print 
value is compared with the expected value at program points determined by their 
particular characteristic in a check flow graph of said program and/or by the type of 
operations performed at said program points. 

1 1 . (Previously Presented) Method as in claim 10, wherein said program 
points are located after each branch and/or before each join of the check flow and/or 
before each operation which writes in non-volatile memory and/or before certain 
cryptographic operations and/or before a call to certain library routines and/or after a 
call to certain library routines. 

12. (Currently Amended) Method as claimed in claim 1 , wherein trace 
print setting (ca l cu l at i on and/or updat i ng and/or adjustment and/or ass i gnment) and/or 
trace print controlling are made: 

- explicitly by an instrumentation of the program 
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- explicitly by the execution machine (v i rtua l mach i ne and/or processor of the 
oxocut i on p l atform) , on the basis of complementary program data which 
indicate to said execution machine at which program points and/or with which 
values (inc l ud i ng va l ues resu l t i ng from comp l ex operations) the trace print 
setting and/or controlling operations are to be made, said values including 
values resulting from complex operations, and/or 

- implicitly by the execution machine (v i rtua l mach i ne and/or processor of the 
oxocut i on p l atform) , on the basis of a particular observation of executed 
instructions. 

13. (Previously Presented) Method as in claim 12, wherein said 
instrumentation of the program code is based on explicit handling of a variable or a 
register representing the trace print and/or on the call to specialized routines and/or on 
the use of specialized instructions of the execution machine. 

14. (Previously Presented) Method as in claim 12, wherein said 
complementary program data is coded in tables which associate program points with a 
code defining an operation to be performed, and which are only consulted by the 
execution machine when executing particular instructions. 

15. (Previously Presented) Method as in claim 14, wherein said 
particular instructions are branches and/or wnting in non-volatile memory and/or calls to 
certain program routines and/or certain cryptographic operations. 

16. (Previously Presented) Method as in claim 1 , wherein the expected 
trace print values and trace print adjustment values at given program points are 
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determined by static analysis of the program which can simulate an unwinding of some 
loops and recursions and which can modify the program to make the trace print values 
predictable and/or to check these values. 

17. (Currently Amended) Method as in claim 9 wherein for the purpose 
of said analysis, information is provided concerning trace print updating 
(proaram corresponding to program points and type of execution observations at this 
program eetFrt ^point. and/or trace print adjustment (program corresponding to program 
points where the trace print must be adjusted to a certain va l uo) value. and/or trace print 
assignment (program corresponding to program points where the trace print must be 
forced to a valuo W alue. and/or trace print controlling (program corresponding to 
program points where the trace print must be chockod) checked . this information: 

- being determined automatically^ 

- being given in the form of directives consisting of instructions placed in the 
program code and operating on the trace print , such (such as program 
routine calls, whether or not taking any integer as argument) argument, 
and/or being given in the form of tables complementary to the program, 

- and able to be completed and/or modified in accordance with the values 
calculated by said analysis. 

18. (Currently Amended) Method as in claim 17, wherein for each 
program routine, the expected trace print values are determined by the following 
operating sequence: 
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• I n i t i a li s i ng initialising all the program points to be explored with the singleton formed 
of the first program routine instruct i on- instruction, 

• Momor i z i ng memorizing . at the program routine entry point, a trace print value equal 
to the initial trace print value g i von. given, 

• Fef-for as long as said set of program points to be explored is not void: 

- Extracting extracting a program point (po i nt of or i g i n) from said set of program 
points to be explored, said program point being a point of origin. 

- FeFfor each of the resulting possible program points after execution of the 
instruction , said resulting possible program point being target points tefeet 
po i nts) : 

[[*]] I f tho if the target point contains a trace print assignment and if this 
target point has not yet been explored, memorizing at the target point the 
trace print value defined by the ass i gnmont. assignment. 

[[*]] if the I f tho target point does not contain a trace print assignment 
and if this target point has already been explored, inserting between the 
instruction at the point of origin and the instruction at the target point a 
trace print adjustment which sends the trace print value at the point of 
origin onto the trace print value memorized at the target po i nt. point. 

[[*]] if the I f tho target point does not contain a trace print assignment 
and if this target point has not yet been explored, memorizing at the 
target point the trace print value at the point of origin, optionally modified 
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by a trace print update if one exists between the point of origin and the 

target point. 

[[*]] if the I f the target point has not yet been explored, adding said 
target point in said set of program points to be explored. 

1 9. (Currently Amended) Method as claimed in claim 1 7, wherein the 
trace print concerns complete execution of the program (including with program routine 
calls) from its entry points, said method being applied to a set of routines by treating the 
instructions of static program routine call as unconditional branches on the first 
instruction of the called program routine, the instructions of dynamic program routine 
call as conditional branches on the first instruction of the corresponding called program 
routine, and the instructions of return call as branches towards the instructions following 
immediately after the corresponding call. 

20. (Currently Amended) Method as claimed in claim 12, wherein the 
program and/or the execution machine are instrumented so that the trace print is saved 
on certain calls to routines , such (such as those which are not part of the program or 
cannot be ana l ysed) analysed, and is restored on return call. 

21 . (Currently Amended) Method as claimed in claim 12, wherein the 
program and/or the execution machine are instrumented so that the trace print is 
adjusted on call and return from certain routines ( i nc l ud i ng . including routines 
determined dynamically at the time of eati^call so that it is equal to: 

- on entry of the called program routine: a value which depends on the name 
and/or signature of the called program routine , such (such as a value 
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obtained by cryptographic tracing print of the name and/or 

s l qnaturo) slqnature : 

- after return in the calling program routine: a value which similarly depends on 
the name and/or signature of the called program routine, each exception 
handler concerned by the program routine call ( i .o. poss i b l y be i ng affoctod 
whon an oxcopt i on i s li fted i n tho ca ll od program rout i ne) having to assign the 
trace print to a determined value , said exception handler being able to be 
affected when an exception is lifted in the called program routine . 

22. (Currently Amended) Method as claimed in claim 3, wherein if the 
trace print is updated implicitly by an execution machine: 

- trace print setting may be temporarily suspended to avoid unnecessary 
calculations when executing non-critical code fragments of the program 
and/or when program status is not considered critical and/or during the 
execution of certain routines not performing a trace print check; 

- trace print setting, if it is not suspended, relates to each executed instruction, 

[[*]] including some of its immediate arguments and/or some of program 
invariants for this instruction , such tetieh-as the height of the operand 
stack or the presence of certain types of values in the operand stack) 
stack, and/or choices of branch made if the instruction is a branch, 

[[*]] but provided that the executed instruction belongs to a given class 
of instructions to be observed, said class being fixed for the execution 
machine or else given by a table associating a Boolean with every 



- 11 - 



Appln. No. 10/585,140 

Amdt. dated July 27, 2010 

Reply to Office action of April 27, 2010 

instruction code indicating whetlier tine instruction is to be observed, 
and said table being specific to different routines and/or different 
programs. 

23. (Currently Amended) l\/letliod as in claim 12, wherein: 

- some operations on the trace print , such (such as trace print assignment and 
contro lli ng) controlling, are inserted explicitly in the program code; 

- some operations on the trace print , such (such as trace print adjustment) 
adjustment, are performed explicitly by the execution machine in relation to 
complementary program information, 

- some operations on the trace print , such (ouch as trace pnnt updat i ng) updating, are 
performed implicitly by the execution machine. 

24. (Previously Presented) Method as in claim 12, wherein: 

- if trace print set and/or check operations are made by program routine calls, the 
program is accompanied by a library which implements these routines, said library 
possibly being substituted by a special implementation when loading on an 
execution platform; 

- If the trace print set and check operations are expressed by complementary program 
information and if the execution platform does not know and/or cannot and/or does 
not want to use this information, said information is ignored to enable execution 
without integrity controlling. 

25. (Previously Presented) Method as claim 20, wherein the execution 
machine of the program has specialized instructions for trace print calculation and/or 
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trace print update and/or trace print adjustment and/or trace print assignment and/or 
trace print controlling and/or trace print saving on calls to routines and trace print 
restoration on return from a program routine, these instructions appearing explicitly in 
the program code and/or being used to implement the execution machine. 

26. (Currently Amended) Execution system enabling controlling of 
execution Integrity wherein said system includes a microprocessor which has 
specialized instructions for trace print calculation and/or trace print update and/or trace 
print adjustment and/or trace pnnt assignment and/or trace print controlling and/or trace 
print saving on calls to routines and trace print restoration on return from a program 
routine, wherein said controlling comprises the following steps: 

- updating a trace print representing an execution pathway and/or handled data 
on program execution, 

- comparing said trace print (current va l ue, ca l cu l ated dynam i ca ll y) w ith an 
expected value (f i xed stat i ca ll y, equa l to a va l ue the trace phnt shou l d havo I f 
program execution is not disturbed) at determined points of the program^ 
wherein said trace point is a current value, calculated dynamically , and the 
expected value is fixed statically, equal to a value the trace print should have 
if program execution is not disturbed. 

- performing special treatment if the current trace print differs from the 
expected value. 
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